HashiCorp Federal President Melissa Palmer has spent over 25 years in the government contracting field. Throughout her career, she has focused on the delivery of information technology products and services related to cloud, DevSecOps, cybersecurity and more.
Palmer assumed her current role in November 2022, and now, she oversees HashiCorp’s strategy for providing multi-cloud offerings to federal agencies. Prior to joining the company, she held leadership roles at Puppet, Absolute Software, Red Hat and other organizations.
In a recent Executive Spotlight interview with ExecutiveBiz, Palmer shared her thoughts on the current trends shaping government cloud adoption, the challenges agencies face when moving to the cloud and the opportunities cloud technology presents for public sector organizations.
Read the full interview below.
What is the top challenge you’re seeing as federal agencies migrate to the cloud? What solution would you propose to this problem?
The top challenge we see in the market is increasing complexity, which introduces unnecessary costs, program risks and security risks. This includes technical complexity due to new cloud architectures and approaches as well as complexity created by confusion as to what federal IT leaders should be doing to address modernization and migration to the cloud. The solution for agency leaders is to adopt a standardized model or framework that bridges the gap between old and new, on-premises and cloud and legacy and modernized technologies. At HashiCorp, we are seeing a growing interest in platform teams and internal developer platforms with our private sector customers, and these approaches can also help agency leaders with similar standardization projects.
Migrating to the cloud inherently means an increase in digital assets and infrastructure, and a decrease in physical assets. How do you think cloud has changed the cybersecurity paradigm as traditional organizational perimeters expand and even disappear?
Cloud computing is having a profound impact on cybersecurity. The protected perimeter of the traditional “four walls” of the agency infrastructure no longer exists. That perimeter has expanded into a heterogenous, multi-cloud environment, so the traditional paradigm of cybersecurity must evolve. With cloud, cybersecurity must expand from network-only controls to identity-based protection. No user, device or application can be trusted. Every entity in the infrastructure, whether on-prem or in the cloud, must be identified, authenticated, and then authorized to act within the environment based on well-defined policies. This zero trust approach to security will allow for organizations of all types to move to the cloud in a safe and secure manner.
What are some of the key barriers that remain in widespread federal cloud migration, and how do you think we can overcome them?
Complexity, compliance and a lack of modernized skills remain obstacles to cloud migration. Because of the proliferation of tools and platforms, complexity has increased and IT leaders may struggle to sift through the noise. Without a well-defined framework that identifies core functionality and leads to the right capabilities to accelerate cloud adoption, this complexity will remain. Compliance continues to be a barrier to efficiency across all solution areas, whether stringent regulations such as FedRAMP or the process and effort associated with achieving authority to operate. One primary way to overcome compliance challenges is through the same automation tools that will aid in migrating to the cloud. Reducing complexity will also streamline the compliance challenge. Finally, many of the advantages of modernization and cloud computing are limited by the need to modernize skills of technical staff and general skills shortages in the market. With so much time allocated solely to operation and maintenance of existing infrastructure, modernization can be slow. Government IT staff must receive constant education and training and leaders must recruit workers with knowledge and skills in cloud computing and application development to augment the existing workforce.
What opportunities can be unlocked with the cloud, and how do you think those opportunities will change the federal landscape?
The opportunities unlocked by the cloud revolve around speed, efficiency and cost savings, and they are already changing the landscape. Cloud computing eliminates the need for do-it-yourself approaches to IT, and as a result, it saves tremendous time and money on the evaluation, procurement, deployment and maintenance of physical solutions. The ability to “lease” such services through the cloud rather than build them is profound and helps IT leaders maintain the balance of skill across existing O&M and new tech. A new balance is emerging between owning infrastructure with capabilities that must be permanently in place and services that can be rented for periods of increased demand. IT services will continue to become more of a utility like electricity. Speed, efficiency and cost savings will accelerate as this balance takes shape.
Can you talk about how cybersecurity has impacted or changed the national security paradigm? What new trends or shifts are you seeing at the intersection of cybersecurity and national security, and how are those trends influencing the public sector today?
Today we have many more sophisticated cybersecurity methods and capabilities on both the offensive and defensive sides of the equation. While cybersecurity methods and tools for new cloud environments have advanced in recent years, so have the capabilities of malicious actors. The intersection of cybersecurity and national security is most profoundly manifested in the new trend of critical information being stored in edge systems. The edge offers great benefits to users with improved costs and speed while creating new attack vectors. Much like the cloud upended traditional security approaches due to its extended surface, the edge will do the same and will require the public sector to adapt as well.
Zero trust goes hand-in-hand with these trends. HashiCorp is working with trusted partners including Palo Alto Networks, Varonis and Okta on joint solutions that map to 100 percent of the Department of Defense zero trust security controls. Efforts like this will help civilian agencies adhere to the White House zero trust directive, which will be a great step towards achieving zero trust success.